package com.example.wisdomclassroomapi.config;

import com.example.wisdomclassroomapi.facade.filter.FormLoginFilter;
import com.example.wisdomclassroomapi.facade.filter.JwtTokenFilter;
import com.example.wisdomclassroomapi.facade.security.FormAuthenticationProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

import javax.annotation.Resource;


/**
 * SpringSecurity 配置类
 */
@Configuration
@EnableWebSecurity( debug = false )
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Resource
    private AuthenticationSuccessHandler authenticationSuccessHandler;
    @Resource
    private AuthenticationFailureHandler authenticationFailureHandler;
    @Resource
    private FormAuthenticationProvider formAuthenticationProvider;
    @Resource
    private JwtTokenFilter jwtTokenFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //设置表单登录manager 成功处理器 失败处理器
        FormLoginFilter formLoginFilter = new FormLoginFilter();
        formLoginFilter.setAuthenticationManager(authenticationManagerBean());
        formLoginFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
        formLoginFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
        formLoginFilter.setFilterProcessesUrl("/api/auth/login");

        // 拦截放行，登录方式配置
        http.authorizeRequests()
                .antMatchers("/api/auth/captcha").permitAll()
                .antMatchers("/api/auth/register").permitAll()
                .antMatchers("/api/auth/login").permitAll()
                .antMatchers("/api/auth/reset/sendEmailCode").permitAll()
                .antMatchers("/api/auth/reset/checkEmailCode").permitAll()
                .anyRequest().authenticated()
                .and()
                .logout()
                .logoutRequestMatcher(new OrRequestMatcher(new AntPathRequestMatcher("/api/logout","GET")))
                .and()
                //解决跨域
                .cors()
                .and()
                .csrf().disable();

        // 设置表单登录provider
        http.authenticationProvider(formAuthenticationProvider);

        // 添加filter
        http.addFilterAt(formLoginFilter, UsernamePasswordAuthenticationFilter.class);
        http.addFilterAfter(jwtTokenFilter, FormLoginFilter.class);
    }

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOriginPattern("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.setAllowCredentials(true);
        source.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsFilter(source);

    }

}
